Privacy Statement

Secured Data Recovery Privacy Policy

Effective Date: 01-05-2025

  1. Introduction

  We is committed to protecting the privacy of your personal information and the confidentiality of the data you entrust to us for recovery. This Privacy Policy outlines how we collect, use, disclose, store, and manage your personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

  1. What is Personal Information?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form 1or not. This may include your name, contact details, payment information, and any other information that could identify you.

  1. What Information Do We Collect and How?

We collect personal information that is reasonably necessary for us to provide our data recovery services and operate our business. This includes:

  • Information you provide directly:
    • Contact details: Name, address, email address, phone number.
    • Service details: Information about the device or data loss scenario, specific files or data you are seeking to recover.
    • Payment information: Credit card details, bank account information (processed securely through third-party payment gateways where applicable).
    • Communication records: Correspondence, emails, and phone call notes related to your service request.
  • Information we collect during the data recovery process:
    • While we strive to recover only the data you explicitly request, the nature of data recovery may involve us having temporary access to all data present on your device. We do not intentionally view, copy, or use any personal or sensitive data beyond what is strictly necessary to perform the recovery service. Our primary focus is the technical process of data extraction.
  • Information collected automatically (e.g., website usage):
    • Website analytics: Anonymous data about your use of our website (e.g., IP address, browser type, pages visited) collected via tools like Google Analytics. This helps us improve our website and services and does not identify you personally.
    • Cookies: Small data files stored on your device to enhance your website experience (you can usually disable cookies in your browser settings).
  1. How We Use Your Personal Information

We use your personal information for the following primary purposes:

  • To provide you with our data recovery services, including diagnostics, recovery, and data transfer.
  • To communicate with you regarding your service request, provide updates, and address your inquiries.
  • To process payments for our services.
  • To maintain accurate records for administrative, accounting, and legal purposes.
  • To improve our services and develop new offerings.
  • To send you marketing and promotional materials (only with your express consent, and you can opt-out at any time).
  • To comply with our legal obligations and resolve any disputes.
  1. Disclosure of Personal Information

We will not disclose your personal information to third parties except in the following circumstances:

  • With your consent: Where you have expressly agreed to the disclosure.
  • To third-party service providers: We may engage trusted third-party service providers (e.g., payment processors, couriers) to assist us in delivering our services. These providers are obligated to protect your information and only use it for the purposes for which we disclose it to them.
  • When required or authorised by law: This includes responding to lawful requests from government agencies, law enforcement, or as required by court order.
  • To protect our rights or property: If we believe it is necessary to protect our legal rights, property, or safety, or the safety of others.

Crucially, we will never sell or rent the data recovered from your device or any personal information collected from you to any third party.

  1. Data Security

We take reasonable steps to protect your personal information and recovered data from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:

  • Physical security: Secure premises with restricted access to data recovery laboratories and storage areas.
  • Technical security:
    • Encryption of sensitive data where appropriate.
    • Firewalls and other network security measures.
    • Secure servers and data storage systems.
    • Regular software updates and patching.
    • Access controls and password protection for internal systems.
  • Procedural security:
    • Strict internal policies and procedures for handling client data.
    • Employee training on data privacy and security protocols.
    • "Need-to-know" access principles, limiting data access to only those employees who require it to perform their duties.
    • Secure data destruction protocols for recovered data once the service is complete and verified by the client.

While we implement robust security measures, no data transmission over the internet or electronic storage is entirely secure. We cannot guarantee the absolute security of your information, but we commit to doing everything reasonably possible to protect it.

  1. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Once your data recovery service is complete and you have confirmed receipt of your recovered data, we will securely erase or destroy any residual copies of your data from our systems within [e.g., 7 days/30 days - be specific but allow for unforeseen issues]. We retain minimal personal information (e.g., contact details, service history, payment records) for administrative, warranty, and legal compliance purposes.

  1. Accessing and Correcting Your Personal Information

You have the right to:

  • Request access: Request access to the personal information we hold about you. We will respond to your request within a reasonable time and provide access unless an exception applies under the Privacy Act.
  • Request correction: Request that we correct any personal information we hold about you that is inaccurate, incomplete, or out-of-date.

To make an access or correction request, please contact us using the details below.

  1. Making a Complaint

If you have a complaint about how we have handled your personal information, please contact us in writing. We will investigate your complaint and respond to you within a reasonable timeframe.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

  1. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. We will publish any updated policy on our website. Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.

  1. Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

https://www.secureddatarecovery.com.au/contact

Key Australian Considerations for Data Recovery:

  • Australian Privacy Principles (APPs): The APPs are the cornerstone of privacy law in Australia. Your policy should demonstrate how you adhere to each of them (collection, use, disclosure, quality, security, access, and correction).
  • Notifiable Data Breaches (NDB) Scheme: If your business is covered by the Privacy Act (generally, businesses with an annual turnover of $3 million or more, or certain other entities), you have obligations under the NDB scheme. If a data breach occurs that is likely to result in serious harm to individuals, you must notify affected individuals and the OAIC. Even if your turnover is under $3 million, it's good practice to have a breach response plan.
  • Confidentiality vs. Privacy: While related, emphasize both. Data recovery is inherently about accessing sensitive data. Your policy should clearly state your commitment to maintaining the confidentiality of the recovered data, distinct from the privacy of personal information you collect about the client themselves.
  • Explicit Consent for Marketing: Ensure you have clear, opt-in consent before sending any marketing communications.
  • Data Destruction: Crucial for a data recovery business. Clearly state your policy on how recovered data is securely destroyed after the client receives it and the retention period expires.
  • No "View" or "Use" of Recovered Data: Reiterate that your technicians do not intentionally view or use the contents of the recovered data beyond what is strictly necessary for the technical recovery process.

Disclaimer: This is a template and general guidance. It is highly recommended that you consult with a legal professional to tailor this privacy policy to your specific business operations and to ensure full compliance with all applicable laws and regulations in your jurisdiction.